Oracle CPU for January 2023 lists MySQL connector CVEs:
https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL

We already fixed this in cyrus-sasl (Bug 30085), but if this package is bundling that code, we should link it to the system cyrus-sasl instead.
Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
CC: (none) => jani.valimaa
Done for both mga8 and Cauldron with mysql-connector-c++-8.0.32-1.mga8 and mysql-connector-c++-8.0.32-3.mga9!
CC: (none) => geiger.david68210
So David told me on IRC that it doesn't appear to bundle cyrus-sasl code but it *does* bundle protobuf, which we've built it against system protobuf, which is still affected by multiple security issues. So, we'll need to address that too.

libmysqlcppconn8_2-8.0.32-1.mga8
libmysqlcppconn9-8.0.32-1.mga8
libmysqlcppconn8-devel-8.0.32-1.mga8

from mysql-connector-c++-8.0.32-1.mga8
Depends on: (none) => 30906
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Now that protobuf has been addressed, assigning this to QA. Package list in Comment 3.
Assignee: mageia => qa-bugs
Mageia 8-64 MATE on Acer Aspire 5253. No installation issues. No previous updates.
Citing MCC "MySQL Connector/C++ is a MySQL database connector for C++ development."
So as with others developer's area, OK on clean install.
Beside:
# urpmq --whatrequires lib64mysqlcppconn8_2
lib64mysqlcppconn8-devel
lib64mysqlcppconn8_2
# urpmq --whatrequires lib64mysqlcppconn9
lib64mysqlcppconn8-devel
lib64mysqlcppconn9
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
A clean install was all that was needed in Bug 29923, so it should be OK here, too. Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0095.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED